| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Windows Server 2019 | Critical | 21-07-2021 |
Technical Information
Brief overview of the risk:
A Remote Code Execution vulnerability in Windows Kernel which is due to use of the single root I/O virtualization (SR-IOV) interface which is an extension to the PCI Express (PCIe) specification. SR-IOV allows a device, such as a network adapter, to have separate access to its resources. This vulnerability can be exploited by attackers with low privileges and there’s no need for any user interaction. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the logged on user.
Further information on this vulnerability is available at : CVE-2021-34458
Affected Software
Windows Server 2019Windows Server 2019 (Server Core installation)
Windows Server version 2004 (Server Core installation)
Windows Server version 20H2 (Server Core Installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)